steevepay / gitlab-docker-letsencrypt Goto Github PK

Gitlab CE + Docker Compose + Let's Encrypt (auto generate/renew)

gitlab-ce docker docker-compose letsencrypt gitlab

gitlab-docker-letsencrypt's Introduction

Gitlab CE + Docker Compose running with auto generate/renew Let's Encrypt Certificate

With this repo you will be able to set up self hosted Gitlab CE as a container over SSL auto generated and auto renewed by a web proxy.

PREREQUISITES

In order to use this compose file (docker-compose.yml) you must have:

docker https://docs.docker.com/engine/installation/
docker-compose https://docs.docker.com/compose/install/
docker-compose-letsencrypt-nginx-proxy-companion https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion

HOW TO USE

Close this repository

$ git clone https://github.com/steevepay/gitlab-docker-letsencrypt.git

Make a copy of the .env.example and rename it to .env:

Update this file with your preferences.

#
# Container name for your Portainer
#
CONTAINER_NAME=my-gitlab-container

#
# Path where your Gitlab files will be located
#
GITLAB_DATA_PATH=/data/gitlab/

#
# Your domain (or domains)
#
VIRTUAL_HOST=gitlab.domain.com,www.gitlab.domain.com


#
# Your domain (or domains) for SSL certificate
#
LETSENCRYPT_HOST=gitlab.domain.com,www.gitlab.domain.com

#
# Your email for Let's Encrypt register
#
LETSENCRYPT_EMAIL=[email protected]

#
# Main domain for SSL certificate and gitlab
#
MAIN_DOMAIN=gitlab.domain.com

#
# Network name
# 
# Your container app must use a network conencted to your webproxy 
# https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion
#
NETWORK=webproxy

Validate and view the docker-compose configuration before starting.

$ docker-compose config

Start the container.

During the build time, the environment variables are injected into the image.

$ docker-compose up -d

Please keep in mind that when starting for the first time it may take a few moments (even a couple minutes) to get your Let's Encrypt certificates generated

Pre-configure Gitlab CE

You can pre-configure the GitLab Docker image by adding the environment variable GITLAB_OMNIBUS_CONFIG to the docker-compose file. This variable can contain any gitlab.rb setting and will be evaluated before loading the container’s gitlab.rb file. That way you can easily configure GitLab’s external URL, make any database configuration or any other option from the Omnibus GitLab template.

Here is an example of pre-configuring OVH STMP server for the gitlab:

version: "3.7"

services:
  gitlab-letsencrypt:
    image: 'gitlab/gitlab-ce:latest'
    container_name: ${CONTAINER_NAME}
    restart: always
    hostname: ${MAIN_DOMAIN}
    volumes:
      - '${GITLAB_DATA_PATH}config:/etc/gitlab'
      - '${GITLAB_DATA_PATH}logs:/var/log/gitlab'
      - '${GITLAB_DATA_PATH}data:/var/opt/gitlab'
    restart: unless-stopped
    env_file:
      - ./.env
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = 'ssl0.ovh.net'
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = '[email protected]'
        gitlab_rails['smtp_password'] = ''
        gitlab_rails['smtp_domain'] = 'ssl0.ovh.net'
        gitlab_rails['smtp_authentication'] = 'login'
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = true
        gitlab_rails['smtp_openssl_verify_mode'] = 'none'
    networks:
      - default

networks:
  default:
    external:
      name: ${NETWORK}

For more options about configuring GitLab please check the Omnibus GitLab documentation.

gitlab-docker-letsencrypt's People

Contributors

Stargazers

Watchers

Forkers

mmmika mstroppel sompornp kschlender stail900 hakanaku1234 only-forks vincenzo-pinto venicetio jozefdo fredcrmn

gitlab-docker-letsencrypt's Issues

it no work

I have been messing with this for days. It isnt working. No matter what I try, SSL is not going to my gitlab. Any tips?

unable to get ssh to work.

I am unable to get the ssh pull and push to work.

I am thinking the issue may have to be with the proxy not using port 22.

Error adding a runner

Hi,
I tried to add a runner by adding this in the docker-compose.yml:

gitlab-runner1:
image: gitlab/gitlab-runner:latest
restart: always
container_name: gitlab-runner1
hostname: gitlab-runner1
depends_on:
- gitlab-letsencrypt
volumes:
- ./config/gitlab-runner:/etc/gitlab-runner
- /var/run/docker.sock:/var/run/docker.sock
networks:
- default

I then run a script to register the running like this:
registration_token=xxxxxxxxxxxxxxx
url=http://gitlab-letsencrypt

docker exec -it gitlab-runner1
gitlab-runner register
--non-interactive
--registration-token ${registration_token}
--locked=false
--description docker-stable
--url ${url}
--executor docker
--docker-image docker:stable
--docker-volumes "/var/run/docker.sock:/var/run/docker.sock"
--docker-network-mode default
And it runs and registers successfully.

The thing is that the runner systematically fails any jobs with the following error:

Running on runner-94ds8ayaf-project-1-concurrent-0 via gitlab-runner1...
Getting source from Git repository 00:01
Fetching changes with git depth set to 20...
Reinitialized existing Git repository in /builds/doc-editor/xxxxxxxxxxxxxxxxx/.git/
remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://xxxxxxxxxxxxxx/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
fatal: Authentication failed for 'http://xxxxxxxxxxxxxxxxxxxx.git/'
ERROR: Job failed: exit code 1

I also tried to use an extra_host in the docker-compose.yml to force to use the public ip address and then to be able to use the https endpoint...but I got the same error.
Did you already experienced this kind of issue and managed to find a solution ?